Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(微信支付):新增微信支付银行组件模块 #2644

Merged
merged 2 commits into from
May 15, 2022
Merged

feat(微信支付):新增微信支付银行组件模块 #2644

merged 2 commits into from
May 15, 2022

Conversation

zhongjun96
Copy link

@zhongjun96 zhongjun96 commented May 12, 2022
edited
Loading

文档地址: 银行组件
#2543

@binarywang 麻烦看下这些检查的问题需要处理吗?直接请求微信接口的,需要考虑攻击吗?

@zhongjun96 zhongjun96 changed the title face(微信支付):新增微信支付银行组件模块 feat(微信支付):新增微信支付银行组件模块 May 12, 2022
sonatype-lift[bot]
sonatype-lift bot reviewed May 12, 2022
View reviewed changes
weixin-java-pay/src/main/java/com/github/binarywang/wxpay/service/impl/BankServiceImpl.java
*
* @author zhongjun
**/
@RequiredArgsConstructor
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SameNameButDifferent: The name @RequiredArgsConstructor refers to [java.lang.SuppressWarnings, com.github.binarywang.wxpay.service.WxPayService] within this file. It may be confusing to have the same name refer to multiple types. Consider qualifying them for clarity.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 12, 2022
View reviewed changes
...a-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java

@Override
public String getV3WithWechatPaySerial(String url) throws WxPayException {
HttpGet httpGet = new HttpGet(url);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HTTP_PARAMETER_POLLUTION: Concatenating user-controlled input into a URL

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

sonatype-lift[bot]
sonatype-lift bot reviewed May 12, 2022
View reviewed changes
...a-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java
@@ -241,7 +241,17 @@ public String getV3(String url) throws WxPayException {
HttpGet httpGet = new HttpGet(url);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

HTTP_PARAMETER_POLLUTION: Concatenating user-controlled input into a URL

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've recorded this as ignored for this pull request. If you change your mind, just comment @sonatype-lift unignore.

sonatype-lift[bot]
sonatype-lift bot reviewed May 12, 2022
View reviewed changes
...a-pay/src/main/java/com/github/binarywang/wxpay/service/impl/WxPayServiceApacheHttpImpl.java
HttpGet httpGet = new HttpGet(url);
httpGet.addHeader("Accept", "application/json");
httpGet.addHeader("Content-Type", "application/json");
String serialNumber = getConfig().getVerifier().getValidCertificate().getSerialNumber().toString(16).toUpperCase();
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NULL_DEREFERENCE: object returned by getConfig().getVerifier() could be null and is dereferenced at line 252.

(at-me in a reply with help or ignore)

Was this a good recommendation?
[ 🙁 Not relevant ] - [ 😕 Won't fix ] - [ 😑 Not critical, will fix ] - [ 🙂 Critical, will fix ] - [ 😊 Critical, fixing now ]

@binarywang
Copy link
Owner

如果不是你这次提交代码引入的lift问题可以忽略

@binarywang binarywang merged commit cfb5327 into binarywang:develop May 15, 2022
@binarywang binarywang linked an issue May 15, 2022 that may be closed by this pull request
银行组件API #2543
Closed
@binarywang binarywang added this to the 4.3.3 milestone May 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sonatype-lift sonatype-lift[bot] sonatype-lift[bot] left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
4.3.3
Development

Successfully merging this pull request may close these issues.

银行组件API
2 participants
@zhongjun96 @binarywang